Personal blog

Catching JavaScript exceptions in client-side malware

I use {Track:js} to track my client-side JavaScript errors that happen in the browser. It works like so: TrackJS’s JS snippet is included in the page. The script wraps the global window.onerror handler (among other things) and starts waiting for an error to happen. When an exception is thrown from the browser’s JS runtime TrackJS sends it (along with a stacktrace) to their server for further analysis. An admin is notified via email, Slack etc. if they have chosen so.

The logged event in TrackJS’s database also includes information about the user interactions during the visit and any AJAX calls from the page. This way it’s very easy and convenient to debug your client-side applications behaviour and pin-point what causes exceptions to be thrown. TrackJS also lets you ping them with any messages to be logged even if there wasn’t an exception in the first place. You can also include any contextual information if you wish (user id, preferences, what version of your app was running etc.).

The above image is from Unisafka.fi’s TrackJS timeline. I got alerted about a missing semicolon that caused an exception. What’s curious? The script that was malformed syntactically did not come from Unisafka.fi. Judging from some Google results it seems that the client has some sort of malware in their computer/browser and it’s injecting some JS that then requests other files. Unfortunately, the malicious file was itself malformed and could not be run.